logto-io / logto

🧑‍🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
https://logto.io
Mozilla Public License 2.0

bug: no pagination header in the Management API response #5926

Closed ysemennikov closed 6 months ago

ysemennikov commented 6 months ago

Describe the bug

I use the Management API to retrieve the invitations list of an organization. I use the following endpoint: /api/organization-invitations.

As per the docs, the response is paginated and it must have a Total-Number header. However, in the response there are only these headers:

[
    ("date", "Mon, 27 May 2024 13:11:21 GMT"),
    ("content-type", "application/json; charset=utf-8"),
    ("transfer-encoding", "chunked"),
    ("connection", "keep-alive"),
    ("cross-origin-embedder-policy", "credentialless"),
    ("cross-origin-resource-policy", "same-origin"),
    ("etag", 'W/"11c-r0y5T0M4VeiYnKDsTj/ktBqOlp0"'),
    ("logto-core-request-id", "MEbMPx9Qq82afPuq"),
    ("origin-agent-cluster", "?1"),
    ("referrer-policy", "strict-origin-when-cross-origin"),
    ("strict-transport-security", "max-age=15552000; includeSubDomains"),
    ("vary", "Accept-Encoding"),
    ("vary", "Accept-Encoding, Origin"),
    ("x-content-type-options", "nosniff"),
    ("x-download-options", "noopen"),
    ("x-frame-options", "SAMEORIGIN"),
    ("x-permitted-cross-domain-policies", "none"),
    ("x-xss-protection", "0"),
    ("nel", '{"success_fraction":0,"report_to":"cf-nel","max_age":604800}'),
    ("server", "cloudflare"),
    ("content-encoding", "gzip"),
    ("alt-svc", 'h3=":443"; ma=86400'),
]

So neither Total-Number nor Link headers are present. I've also tried /api/users/{user_id}/organizations (this response also has to be paginated), but no pagination headers are present.

Please note that in reality there is only 1 invitation and only 1 user in the organization, maybe it makes sense.

Expected behavior

Both Total-Number and Link headers are present in paginated responses.

How to reproduce?

Send a request to the Logto Management API using the M2M Access Token. Endpoint: /api/organization-invitations or /api/users/{user_id}/organizations

I use Python and the httpx package to send requests to the Management API. The logto-core-request-id header is present, so I assume headers are not blocked.

The function:

from httpx import AsyncClient

async def get_invitations(organization_id: str) -> None:
    """Get all invitations for an organization."""
    async with AsyncClient(
        base_url="https://<my-logto-endpoint>",
        headers={"Authorization": "Bearer <token>"},
    ) as client:
        response = await client.get(
            "/api/organization-invitations",
            params={
                "organizationId": organization_id,
                "page": 1,
                "page_size": 50,
            },
        )

    print(response.headers)


charIeszhao commented 6 months ago

Yes, this is an acknowledged issue. Previously we used this internally for the Cloud collaboration feature, and we assumed there wouldn't be too many invitations for a single tenant, and thus the pagination headers were not included.

However, we can improve this in future releases, but due to limited bandwidth we can't guarantee when it will happen.

You are always welcome to contribute if you are interested. Let me know if you need any help.

charIeszhao commented 6 months ago

For now, I'll remove the "invitation list with pagination" description from the API doc, in order not to cause any more confusion.

ysemennikov commented 6 months ago

> Yes, this is an acknowledged issue. Previously we used this internally for the Cloud collaboration feature, and we assumed there wouldn't be too many invitations for a single tenant, and thus the pagination headers were not included.

Hey @charIeszhao, thank you for the response!

Is it right that these responses are not paginated now, so I simply get all the invitations that exist? Or are they still paginated, but the headers are not being returned?

charIeszhao commented 6 months ago

You're right. They are not paginated now. Just get all invitations!
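
Added example (not code from this thread or from the Logto project): a client-side listing loop that follows Total-Number and Link when they are present and treats a first response with neither header as the complete list, which is the behaviour confirmed in the last reply. `fetch_page` is a hypothetical callable wrapping the HTTP GET, the Link header is assumed to use RFC 8288 `rel="next"` syntax, and the sample endpoints and the `/api/example` path are constructed.

```python
import re
from typing import Callable

# Hypothetical signature: fetch_page(page, page_size) -> (response headers, decoded JSON list).
FetchPage = Callable[[int, int], tuple[dict, list]]

def has_next_link(link_header: str) -> bool:
    """True if a Link header (assumed RFC 8288 syntax) carries rel="next"."""
    return any(re.search(r'\brel="?next"?', part) for part in link_header.split(","))

def fetch_all(fetch_page: FetchPage, page_size: int = 50, max_pages: int = 1000) -> tuple[list, str]:
    """Collect every item and report whether the endpoint actually paginated."""
    items: list = []
    for page in range(1, max_pages + 1):
        raw_headers, batch = fetch_page(page, page_size)
        headers = {k.lower(): v for k, v in raw_headers.items()}
        total, link = headers.get("total-number"), headers.get("link")
        if total is None and link is None:
            if page > 1:
                raise RuntimeError("pagination headers disappeared mid-listing")
            # No pagination headers (the case reported above): the body is the whole list.
            return batch, "unpaginated"
        items.extend(batch)
        if total is not None and len(items) >= int(total):
            return items, "paginated"
        if total is None and not has_next_link(link or ""):
            return items, "paginated"
        if not batch:
            break  # headers promise more items, but the server returned none
    raise RuntimeError(f"incomplete listing: got {len(items)} items")

# Constructed sample data: three invitations, served either page by page with
# headers or as one header-less response like the one shown in this issue.
_DATA = [{"id": f"inv{i}"} for i in range(3)]

def paginated_endpoint(page: int, page_size: int) -> tuple[dict, list]:
    chunk = _DATA[(page - 1) * page_size : page * page_size]
    headers = {"Total-Number": str(len(_DATA))}
    if page * page_size < len(_DATA):
        headers["Link"] = f'</api/example?page={page + 1}>; rel="next"'
    return headers, chunk

def headerless_endpoint(page: int, page_size: int) -> tuple[dict, list]:
    return {"content-type": "application/json; charset=utf-8"}, list(_DATA)
```

The returned mode string lets a caller log which endpoints silently ignore `page` and `page_size`, so a later change in server behaviour does not go unnoticed.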